Main Inclusion Report for Amavisd-new
The amavisd-new source package historically buildt two binaries, amavisd-new and amavisd-new-milter. Only the amavisd-new binary is needed in Main for the spec. Since the milter is considered unsupported by the Debian Maintainer, if this is otherwise approved, a new revision will be uploaded that builds only amavisd-new and not the milter. The milter unique build-dep and depends are not included.
Requirements
Availability: http://archive.ubuntu.com/ubuntu/pool/universe/a/amavisd-new/; available for all supported architectures.
Rationale:
Selected at UDS Boston as part of the https://blueprints.launchpad.net/ubuntu/+spec/server-packages-review spec as a package to add to ubuntu-server for competitive reasons.
- Amavisd-new is the upstream recommended approach for integrating anti-virus and spam filtering into Postfix and so bringing this into main gives a common, supported package for this (and also brings some helpful functionality of it's own).
Security:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=amavisd-new:
Only http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1096 filed in 2004 on a package amavisd-new depends on.
- Any binaries running as root or suid/sgid ? No Any daemons ? Yes. Both the amavisd-new and amavisd-new-milter packages run as daemons under the user amavis
- Network activity: does it open any port ? Yes. It listens on port 10024 by default. Does it handle incoming network data ? Yes, although it's normally run after queue with Postfix and Postfix talks to the outside world.
- Any source code review performed ? No.
Quality assurance:
- In what situations does the package not work out of the box without configuration ? It requires integration with Postfix to be functional.
- Does the package ask any debconf questions higher than priority 'medium' ?
Debian bugs: No showstoppers.
Maintenance in Debian is vigorous ?
Upstream is frenetic/vigorous/calm/dead ?
- No Upstream bug tracker that's public.
- Hardware: Does this package deal with hardware and if so how exotic is it ? None
Standards compliance:
FHS, Debian Policy compliance ? Yes. Some minor binaries without manpages, but that's it.
Debian library packaging guide standards compliance ? N/A
- Packaging system (debhelper/cdbs/dbs) ? debhelper Patch system ? dpatch Any packaging oddities ? The milter package will have to be stripped out, ensuring a large diff with Debian.
Dependencies:
- With the exception of libmilter-dev (which goes away when amavisd-new-milter is removed), the build-deps and depends are all now in Main.
Background information:
- What do upstream call this software ? amavisd-new Has it had different names in the past ? It derives from amavis and it's many spinoffs such as amavisd.
Reviewers
MIR bug: https://bugs.launchpad.net/ubuntu/+source/amavisd-new/+bug/183418
Author: ScottKitterman